Theaccountislocked
SQL> select * from v$version where rownum=1;
BANNER
--------------------------------------------------------------------------------
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
SQL> !cat /etc/issue
Enterprise Linux Enterprise Linux Server release 5.5 (Carthage)
Kernel \r on an \m
從oracle10g開始,對用戶默認登陸失敗次數有限制,默認用戶的failed_login_attempts設置口令的失敗次數為10,如果10次登陸失敗,則該用戶被鎖定:
SQL> select * from dba_profiles where resource_name='FAILED_LOGIN_ATTENMPTS';
未選定行
上面沒有選定的行是因為上次被我設置限制了,下面我們設置:
SQL> alter profile default limit failed_login_attempts 2;
配置文件已更改
SQL> select * from dba_profiles where resource_name='FAILED_LOGIN_ATTEMPTS';
PROFILE RESOURCE_NAME RESOURCE LIMIT
------------------------------ -------------------------------- -------- ----------------------------------------
DEFAULT FAILED_LOGIN_ATTEMPTS PASSWORD 2
MONITORING_PROFILE FAILED_LOGIN_ATTEMPTS PASSWORD UNLIMITED
當然也可以無限制:
SQL> alter profile default limit FAILED_LOGIN_ATTEMPTS unlimited;
配置文件已更改
SQL> select * from dba_profiles where resource_name='FAILED_LOGIN_ATTEMPTS';
PROFILE RESOURCE_NAME RESOURCE LIMIT
------------------------------ -------------------------------- -------- ----------------------------------------
DEFAULT FAILED_LOGIN_ATTEMPTS PASSWORD UNLIMITED
MONITORING_PROFILE FAILED_LOGIN_ATTEMPTS PASSWORD UNLIMITED
下面我們模擬當兩次失敗登陸提示:
[oracle@localhost ~]$ sqlplus /nolog
SQL*Plus: Release 11.2.0.1.0 Production on 星期三 6月 10 18:52:02 2015
Copyright (c) 1982, 2009, Oracle. All rights reserved.
SQL> conn hr/w
ERROR:
ORA-01017: invalid username/password; logon denied
SQL> conn hr/w
ERROR:
ORA-01017: invalid username/password; logon denied
SQL> conn hr/w
ERROR:
ORA-28000: the account is locked
失敗登陸次數的限制有利於數據庫的安全,生產庫可以使用。
但是如何知道當前失敗多次了呢?
用戶的狀態信息是通過dba_users來展現的:
SQL> select count(*) from dba_users;
執行計劃
----------------------------------------------------------
Plan hash value: 3953741735
-------------------------------------------------------------------------------------------------------
| Id | Operation | Name | Rows | Bytes | Cost (%CPU)| Time |
-------------------------------------------------------------------------------------------------------
| 0 | SELECT STATEMENT | | 1 | 86 | 30 (10)| 00:00:01 |
| 1 | SORT AGGREGATE | | 1 | 86 | | |
|* 2 | HASH JOIN | | 11 | 946 | 30 (10)| 00:00:01 |
|* 3 | HASH JOIN | | 11 | 913 | 23 (14)| 00:00:01 |
|* 4 | HASH JOIN | | 11 | 880 | 20 (10)| 00:00:01 |
|* 5 | HASH JOIN | | 14 | 994 | 18 (12)| 00:00:01 |
|* 6 | HASH JOIN OUTER | | 14 | 952 | 10 (10)| 00:00:01 |
|* 7 | HASH JOIN | | 14 | 546 | 8 (13)| 00:00:01 |
| 8 | MERGE JOIN CARTESIAN| | 1 | 11 | 4 (0)| 00:00:01 |
|* 9 | TABLE ACCESS FULL | PROFILE$ | 1 | 9 | 2 (0)| 00:00:01 |
| 10 | BUFFER SORT | | 1 | 2 | 2 (0)| 00:00:01 |
| 11 | TABLE ACCESS FULL | PROFNAME$ | 1 | 2 | 2 (0)| 00:00:01 |
|* 12 | TABLE ACCESS FULL | USER$ | 36 | 1008 | 3 (0)| 00:00:01 |
|* 13 | TABLE ACCESS FULL | RESOURCE_GROUP_MAPPING$ | 1 | 29 | 2 (0)| 00:00:01 |
| 14 | TABLE ACCESS FULL | TS$ | 20 | 60 | 7 (0)| 00:00:01 |
|* 15 | TABLE ACCESS FULL | PROFILE$ | 2 | 18 | 2 (0)| 00:00:01 |
| 16 | TABLE ACCESS FULL | USER_ASTATUS_MAP | 9 | 27 | 2 (0)| 00:00:01 |
| 17 | TABLE ACCESS FULL | TS$ | 20 | 60 | 7 (0)| 00:00:01 |
-------------------------------------------------------------------------------------------------------
看下底層表USER$:
SQL> DESC USER$
名稱 是否為空? 類型
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -------- ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
USER# NOT NULL NUMBER
NAME NOT NULL VARCHAR2(30)
TYPE# NOT NULL NUMBER
PASSWORD VARCHAR2(30)
DATATS# NOT NULL NUMBER
TEMPTS# NOT NULL NUMBER
CTIME NOT NULL DATE
PTIME DATE
EXPTIME DATE
LTIME DATE
RESOURCE$ NOT NULL NUMBER
AUDIT$ VARCHAR2(38)
DEFROLE NOT NULL NUMBER
DEFGRP# NUMBER
DEFGRP_SEQ# NUMBER
ASTATUS NOT NULL NUMBER
LCOUNT NOT NULL NUMBER
DEFSCHCLASS VARCHAR2(30)
.........
.........
以上的探索思路,來自eygle大師《循序漸進,ORACLE 數據庫管理,優化與備份恢復》一書,
LCOUNT很讓人敏感:
SQL> select name,lcount from user$ where name='HR';
NAME LCOUNT
------------------------------ ----------
HR 0
==========================================================
[oracle@localhost ~]$ sqlplus /nolog
SQL*Plus: Release 11.2.0.1.0 Production on 星期三 6月 10 19:03:40 2015
Copyright (c) 1982, 2009, Oracle. All rights reserved.
SQL> conn hr/s
ERROR:
ORA-01017: invalid username/password; logon denied
SQL> select name,lcount from user$ where name='HR';
NAME LCOUNT
------------------------------ ----------
HR 1
================================================
SQL> conn hr/s
ERROR:
ORA-01017: invalid username/password; logon denied
SQL> select name,lcount from user$ where name='HR';
NAME LCOUNT
------------------------------ ----------
HR 2
通過實驗,我們發現lcount這個字段記錄的是失敗登陸次數,如登陸成功後,自動清空為0
如果再繼續研究,則不得不提起之前文章中提起的重要腳本:sql.bsq,讀者感興趣自行研究